mediawiki-ssl.conf 2.2 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384
  1. server {
  2. listen 80 default_server;
  3. listen [::]:80 default_server;
  4. server_name localhost;
  5. # Redirect HTTP to HTTPS
  6. return 301 https://$host$request_uri;
  7. }
  8. server {
  9. # SSL configuration
  10. #
  11. listen 443 ssl;
  12. listen [::]:443;
  13. ssl_certificate /etc/letsencrypt/live/wiki.castanedo.es/fullchain.pem; # managed by Certbot
  14. ssl_certificate_key /etc/letsencrypt/live/wiki.castanedo.es/privkey.pem; # managed by Certbot
  15. #
  16. # Note: You should disable gzip for SSL traffic.
  17. # See: https://bugs.debian.org/773332
  18. #
  19. # Read up on ssl_ciphers to ensure a secure configuration.
  20. # See: https://bugs.debian.org/765782
  21. #
  22. # Self signed certs generated by the ssl-cert package
  23. # Don't use them in a production server!
  24. #
  25. # include snippets/snakeoil.conf;
  26. root /var/www/wiki;
  27. # Add index.php to the list if you are using PHP
  28. index index.php index.html index.htm;
  29. server_name localhost;
  30. access_log /var/log/nginx/wiki-access.log;
  31. error_log /var/log/nginx/wiki-error.log;
  32. # Activate HSTS (HTTP Strict Transport Security)
  33. # Note: reinclude if in a location a header is set
  34. include snippets/hsts.conf;
  35. # Allow favicon.ico, robots.txt, .well-known/
  36. # Deny *.txt, *.log, .*/*.php, .*, *.json, .lock, *.ht
  37. include snippets/allowed.conf;
  38. include snippets/denied.conf;
  39. location / {
  40. # First attempt to serve request as file, then
  41. # as directory, then fall back to displaying a 404.
  42. try_files $uri $uri/ =404;
  43. error_page 404 = @mediawiki;
  44. }
  45. # Rewrite for Short-URL
  46. location @mediawiki {
  47. rewrite ^/wiki([^?]*)(?:\?(.*))? /index.php?title=$1&$2 last;
  48. }
  49. # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
  50. #
  51. location ~ \.php$ {
  52. include snippets/fastcgi-php.conf;
  53. # # With php7.2-fpm:
  54. fastcgi_pass unix:/run/php/php7.2-fpm.sock;
  55. }
  56. # Disable php in /images/ (security)
  57. location ^~ /images/ {
  58. #Served like static files
  59. }
  60. # Deny access to deleted images folder
  61. location ^~ /images/deleted/ {
  62. deny all;
  63. }
  64. # Deny access to MediaWiki dirs
  65. location ^~ /cache/ { deny all; }
  66. location ^~ /languages/ { deny all; }
  67. location ^~ /maintenance/ { deny all; }
  68. location ^~ /serialized/ { deny all; }
  69. location ^~ /mw-config/ { deny all; }
  70. # Deny .svn and .git
  71. location ~ /.(svn|git)(/|$) { deny all; }
  72. }